From 18f231e6ff953c014f4ef0a75da7bf20c4f35de9 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Sat, 5 Mar 2016 12:59:45 +0100 Subject: [PATCH] _virtualboxCreateMachine: Avoid unbounded stack If the stars are in the right position and you're building with VBox >= 4.2.0 it will happen that compiler thinks an array allocated on the stack may be unbounded: In file included from vbox/vbox_V4_2.c:13:0: vbox/vbox_tmpl.c: In function '_virtualboxCreateMachine': vbox/vbox_tmpl.c:2811:1: error: stack usage might be unbounded [-Werror=stack-usage=] _virtualboxCreateMachine(vboxGlobalData *data, virDomainDefPtr def, IMachine **machine, char *uuidstr ATTRIBUTE_UNUSED) ^ Well, given how the variable is declared, I had some hard time seeing it is actually bounded. Surprisingly compiler does not complain because of -Wframe-larger-than. This is because variable length arrays do not count into that warning. Signed-off-by: Michal Privoznik
---
 src/vbox/vbox_tmpl.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
index 0fbd5b3297..7a8205dc82 100644
--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
@@ -2812,7 +2812,7 @@ _virtualboxCreateMachine(vboxGlobalData *data, virDomainDefPtr def, IMachine **m
 {
 vboxIID iid = VBOX_IID_INITIALIZER;
 PRUnichar *machineNameUtf16 = NULL;
- nsresult rc;
+ nsresult rc = -1;
 VBOX_UTF8_TO_UTF16(def->name, &machineNameUtf16);
 vboxIIDFromUUID(&iid, def->uuid);
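Review bot: The new initializer `nsresult rc = -1;` carries no comment tying it to the `goto cleanup` added in the next hunk, which is the only visible path that reaches the end of the function without assigning rc. I would add `/* failure default, used if we bail out before CreateMachine is called */` on that line. nsresult is presumably an unsigned type in these headers, so -1 relies on implicit conversion to an all-ones value; if the headers define a named generic-failure code, using it would make the intent explicit. The function body starts before and continues after this hunk, so how rc is finally returned is not visible here.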
@@ -2843,18 +2843,12 @@ _virtualboxCreateMachine(vboxGlobalData *data, virDomainDefPtr def, IMachine **m
 override,
 machine);
 #else /* VBOX_API_VERSION >= 4002000 */
- const char *flagsUUIDPrefix = "UUID=";
- const char *flagsForceOverwrite = "forceOverwrite=0";
- const char *flagsSeparator = ",";
- char createFlags[strlen(flagsUUIDPrefix) + VIR_UUID_STRING_BUFLEN + strlen(flagsSeparator) + strlen(flagsForceOverwrite) + 1];
+ char *createFlags = NULL;
 PRUnichar *createFlagsUtf16 = NULL;
- snprintf(createFlags, sizeof(createFlags), "%s%s%s%s",
- flagsUUIDPrefix,
- uuidstr,
- flagsSeparator,
- flagsForceOverwrite
- );
+ if (virAsprintf(&createFlags,
+ "UUID=%s,forceOverwrite=0", uuidstr) < 0)
+ goto cleanup;
 VBOX_UTF8_TO_UTF16(createFlags, &createFlagsUtf16);
 rc = data->vboxObj->vtbl->CreateMachine(data->vboxObj,
 NULL,
@@ -2864,6 +2858,8 @@ _virtualboxCreateMachine(vboxGlobalData *data, virDomainDefPtr def, IMachine **m
 nsnull,
 createFlagsUtf16,
 machine);
+ cleanup:
+ VIR_FREE(createFlags);
 #endif /* VBOX_API_VERSION >= 4002000 */
 }
 VBOX_UTF16_FREE(machineNameUtf16);
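Review bot: The new `cleanup:` label frees only `createFlags`, while `createFlagsUtf16`, declared in the previous hunk and filled by `VBOX_UTF8_TO_UTF16`, is never released in the visible lines before the closing `}` ends its scope. The three call-argument lines between the two hunks are not shown, but they sit inside the CreateMachine call and cannot hold a free, so the UTF-16 copy appears to leak on every call. Since the commit already adds a cleanup label here, I would add `VBOX_UTF16_FREE(createFlagsUtf16);` right after `VIR_FREE(createFlags);`. On the `goto cleanup` path the pointer is still NULL, so confirm the macro tolerates NULL before relying on that.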